Will ISP Web Content Filtering Continue To Grow?

unixluv writes to tell us that another ISP is testing web content filtering and content substitution software. One example sees a system message that is pre-pended to an existing web page. While it seems innocent enough, is this the wave of the future? Will your ISP censor or alter your web experience at will? There have been many instances of content filtering lately and it seems to be a popular idea on the other side of the fence.

Rogers sucks.

[TheSpoom]

Goddamn, I hate Rogers. At least they're being honest with their bandwidth caps now. Unfortunately, I find myself in the position of having to switch fairly soon to a cable-based service as the phone lines in this apartment are horribly old and low-quality. My experience with TekSavvy has been great from a customer service standpoint but it seems any DSL line I get here will be subject to the same problems, problems my landlord is almost certainly not willing to fix.

I know about 3web but I've heard some fairly bad things as well. Can anyone recommend some non-DSL, high speed (5+ MBPS), preferably low-cost ISPs in the London, Ontario area?

On another note, I'm almost certain this is going to cause unforeseen problems for Rogers, or at least their customers. I'm glad I don't do tech support for them...

And as pointed out in TFA, this has some pretty evil possibilities. Barring the obvious censorship issues, who's to prevent Rogers from replacing, say, Google Adsense scripts with their own ads? They already do it with Bell ads on their digital cable. Don't believe me? If you have Rogers digital cable, you'll notice that there are some ads that play on every channel that has commercials. If you look closely at the start of these ads, you'll usually see about a half second of another ad, quickly replaced by the Rogers network-wide one. These preempted ads are usually for Bell ExpressVu, Rogers' main (satellite) competitor.

But, like most cable companies, they remain because they have a monopoly on the cable market. Ultimately, this is the problem that needs to be solved before the rest, and I don't see it happening any time soon.

Re:Rogers sucks.

[CSMatt]

And as pointed out in TFA, this has some pretty evil possibilities. Barring the obvious censorship issues, who's to prevent Rogers from replacing, say, Google Adsense scripts with their own ads? They already do it with Bell ads on their digital cable. Don't believe me? If you have Rogers digital cable, you'll notice that there are some ads that play on every channel that has commercials. If you look closely at the start of these ads, you'll usually see about a half second of another ad, quickly replaced by the Rogers network-wide one. These preempted ads are usually for Bell ExpressVu, Rogers' main (satellite) competitor. That's not unusual. My parents' cable company (JetBroadband, small enough not to seem so much like an evil telco but just as annoying) recently started doing this on prime time channels to air their anti-piracy and anti-satellite ads. I believe that most of the time the ad covered up was an Enzyte commercial, which I'm all for not watching but their in-house ads are often times just as bad. However they also sometimes insert advertising for local businesses into the national channels, and they do let national ads for DirecTV and Dish Network through.

Hmm. What's to stop

[zonky]

The code being appended breaking websites in some browsers? People disabling javascript?

Re:Hmm. What's to stop

[HoosierPeschke]

It could be inserted as static text, preprocessed on their server side instead of a script appended to the page. That way the source would look just like Google had put it there themselves. I can't imagine that's legal, or at least I used to think that stuff wouldn't be legal.

Re:Hmm. What's to stop

[wizardforce]

If I remember correctly a few ISPs were toying with the isea of actually rewriting webpage code, not just inserting a little javascript for flavoring. That's the problem. ISPs could modify web page code that isn't easily blocked without blocking the entire page. not really much is preventing them from inserting text-ads for example into a body of text on a web page.

Re:Hmm. What's to stop

[Hatta]

That would be great. Then everyone would have an incentive to use encryption by default.

Re:Hmm. What's to stop

[piojo]

If I remember correctly a few ISPs were toying with the isea of actually rewriting webpage code, not just inserting a little javascript for flavoring. Maybe I'm just being naive, but is there a reason that that wouldn't be a copyright violation? Creating and distributing a derivative work?

Answer: Yes.

[R2.0]

Next Question?

Um, use email or texting

[linzeal]

I would love it if my ISP could just email me or text me to let me know of problems. With 90% of the cell phones out there capable of receiving texts and at least half capable of getting email it seems like the logical choice. Any ISP that dares to intrude on my web surfing will get the boot.

Re:Um, use email or texting

[Stevecrox]

90% of phones capable of receiving texts? Your kidding right? I remember the Nokia 5110 (basically a n402) was released in 1998 (I owned one on pay as you go then too) was capable of 192 charracter sms messaging, My Nan's BT Cellnet own brand analog phone (this predated both the digital antenna's and the GSM sim card standard) which she bought in 1996 was capable of supporting text messages and that was a cheap end phone. (it was still in use until O2 forced a discontinue of service on that model for technical reasons.)

In the last ten years I have taken a keen interest in mobile phones and never seen a model which does not support SMS messaging, heck in the last 4/5 years I don't think I've seen a phone which doesn't support picture messaging (well ok the iPhone doesn't, but then the phone you can get free from Asda when you buy £20 of credit does.)

Its always puzzled me why ISP's won't text you about network outages, filtering and bandwidth limitations.

Re:Um, use email or texting

[rucs_hack]

Its always puzzled me why ISP's won't text you about network outages, filtering and bandwidth limitations.

For the same reason Water companies don't contact you and tell you about all the leaky water pipes in your area, they don't want to be sending negative news to everyone, it makes them look bad.

If they can blame you for breaking their terms and conditions, that makes you the bad guy, but if they sent a text telling you all the latest things they'd decided to not let you do, regardless of whether you were doing them, that makes them the bad guy, and customers would start leaving.

1 Acronym

SSL

Sue 'em

[Asmor]

There should be no ambiguity here. They have no right to modify that information. What they are doing is tantamount to forgery, perjury and impersonation. Sue the hell out of them until they stop or go bankrupt.

Re:Sue 'em

[Bearpaw]

Instead of suing for everything, we could just make a law to prevent this.

Filing suit is part of the process of enforcing certain already-existing laws.

You might just as well say, "Instead of arresting people for everything, we could just make a law to prevent murder."

Re:Sue 'em

[calebt3]

Or that people will obey them simply because it's the law. Prohibition worked like a charm, didn't it? ;-)

Re:Sue 'em

[J'raxis]

That law exists. It's called "copyright." It's typically enforced through lawsuits.

What do you think?

[mdm-adph]

Get ready for the encrypted web.

Re:What do you think?

[littlerubberfeet]

I would love to see end to end encryption become standard. I know that it creates overhead, and as the admin of several small websites, I know the implementation can take longer, but I would still like it to become standard.

The only way that ISPs could then exert control would be through messing with DNS records and redirects, which has far larger implementations. OpenDNS anyone?

Re:What do you think?

[Ephemeriis]

I would love to see end to end encryption become standard. I know that it creates overhead, and as the admin of several small websites, I know the implementation can take longer, but I would still like it to become standard.

Agreed. I don't want anyone messing with my websites. If I load up Slashdot, I want to see what Slashdot published on their site. I don't want any additional banners/ads/whatever...I don't want text selectively changed... I want to see Slashdot. And when I publish a website I want to know that visitors are seeing what I published, not what their ISP thinks they should see.

The only way that ISPs could then exert control would be through messing with DNS records and redirects, which has far larger implementations. OpenDNS anyone?

Our regional cable ISP started manipulating DNS not too long ago, so we started switching people over to OpenDNS. But lately they've started playing with SMTP. You have to use the ISP's SMTP server unless you're a "business" customer...and of course their SMTP server will only relay for their own mail addresses. So we've had a lot of angry home users who can't use their email accounts. Hooray for webmail!

Sites that don't want to be filtered will go SSL

[davidwr]

Sites that don't want to risk having their ads stripped or replaced will shift to SSL.

When enough big-name sites do that the economic incentive to insert or replace ads will drop off.

!Content-Filtering

[Ambiguous+Coward]

Just to be clear, what Comcast has been caught at is not content-filtering. They have been breaking connections based on the *type of the connection*, not the content contained therein. Let's call what Comcast is doing by a more descriptive name. I propose Context Filtering. This way, we have QoS (throttling throughput while leaving it operational, etc.), Content-Filtering (watching the data going through and responding to the actual data) and Context-Filtering (watching the type of connection and reacting to that, such as SMTP connections, HTTP connections, BitTorrent connections, etc.) These terms are not interoperable, and shouldn't be treated as such.

-G

Re:!Content-Filtering

[R2.0]

I propose a new terminology: Geraldine Job, named after the Lily Tomlin character.

Basically, Comcast is listening to your conversation, deciding that it is going on too long and/or you are talking about something they don't like, and pulling the 1/4" plug, forcing you to repeat the call. And then doing it again.

Don't like it? "Sorry, we're the ISP - we don't have to care."

Re:!Content-Filtering

[Ambiguous+Coward]

It matters what you call it because people need to have at least an inkling of what they're talking about. It's happened in other threads, and it will likely happen in this one, that the issue is confused for net neutrality, a completely separate side-issue.

Also, content-filtering and context-filtering are two completely different issues. With the former, I can't see any way you can claim common-carrier status. With the latter, I'm not sure yet. For instance, if I'm a common carrier, I'm pretty sure I'm still allowed to pick what *kind* of things I carry. I am under no requirement, for instance, to support carrier-pigeons on my network. Likewise, I may be under no compulsion to support bittorrent transfers on my network. On the other hand, I *am* supporting TCP/IP traffic, so it seems I should support *all* TCP/IP traffic, provided it conforms to the spec I am claiming to support.

So, by that logic, anyone claiming common-carrier status (i.e. Comcast) should not be allowed to perform content- or context-filtering. The problem is getting them to define what context(s) they carry. I have no doubt that if it came down to that, Comcast would *not* claim to be a common carrier of the TCP/IP context. They would instead claim far more specific contexts, such as SMPT, HTTP, etc.

All of that aside, I think it's bullshit and Comcast should have their feet put to the coals for the fraudulent data they're transferring. They are actively performing a man-in-the-middle attack on those whose traffic they are supposedly neutrally transferring.

Long story short--and I apologize for all the rambling above--it matters what you call it because that changes what bullshit excuse will be used in court.

-G

You've Agreed To It

[jcm]

Each person should review the Terms of Service (ToS) they accepted (and most likely continue accept each time they use their Internet connection) and look to see what is stated there. Also, realize that the ISP's will update it with nearly no notice. Inside of those agreements that you agree to generally through your use of their services you'll find all kinds of interesting things. For example, here is some relevant quotes from Verizon's ToS in Section 14.4:

"You hereby consent to Verizon's monitoring of your Internet connection and network performance, and the access to and adjustment of your computer settings, as they relate to the Service, Software, or other services, which we may offer from time to time."

Who is to say that "adjustment of your computer settings" doesn't include adjustment of .html files being delivered to you. Oh and just in case that wasn't strong enough, in Section 15.8 you get:

"15.8 You agree that Verizon assumes no responsibility for the accuracy, integrity, quality completeness, usefulness or value of any Content, data, documents, graphics, images, information, advice, or opinion contained in any emails, message boards, chat rooms or community services, or in any other public services, and does not endorse any advice or opinion contained therein. Verizon does not monitor or control such services, although we reserve the right to do so. Verizon may take any action we deem appropriate, in our sole discretion, to maintain the high quality of our Service and to protect others and ourselves."

Similar allowances are inComcast's Acceptable Use Policy. Basically, folks have to understand what they are signing up for and how often it can change.

There are companies out there today, Phorm for example, who already are working with ISPs around the world in order to put their gear in the ISP networks to create targeting advertising based on all Internet habits, not just specific sites with specific cookies or the like. So far they all seem to be giving you an ability to Opt Out, but that appears to be a way to create good will for the moment. If there was case law backing them up, who knows if they'd continue the practice.

Re:You've Agreed To It

[Todd+Knarr]

Except that Google (in this case) hasn't agreed to those Terms of Service and isn't bound by them. It'd be interesting to see the response to a statement like this from Google: "We grant an implicit license to ISPs to make unmodified copies of our pages on their cache servers and distribute them. We do not grant any license, implicit or explicit, to create derivative works by modifying our pages beyond the boundaries of fair use. We remind ISPs that making and distributing copies of a copyrighted work, or making and distributing a derivative work based on a copyrighted work, without a license from the copyright holder constitutes copyright infringement. We also remind them of the consequences if the PRO-IP Act currently under consideration in Congress passes.".

This is almost certainly a copyright violation

[sed+quid+in+infernos]

Adding the header is making a derivative work of the original web page. So is substituting one add for another. I can't think of any reasonable fair use argument that would prevent this from being a copyright violation. The web sites visited by the ISP's subscribers likely have a cause of action against the ISP. And the ad substitution victims likely could prove significant damages.

I haven't fully thought through the contractual implications of this yet (as between the ISP and the ISP's subscribers), but there's almost certainly something there, too.

Dont trash that yet!

[CaptScarlet22]

I'd wager an underground modern BBS systems would start to popup again, if things get to far out of hand.

Say hello to dial-up all over again!!

Copyright

[Bogtha]

The reason why ISPs can get away with copying resources into their caches is because they are "incidental copies", where permission for copying is implied for the purpose of normal operation. Web developers can apply Cache-Control: no-transform to indicate that changes of this nature should not take place. It seems to me that any ISP that alters such pages would be creating unauthorised derivative works and permission would not be implied to copy, thus making them guilty of copyright infringement.

Re:Fuck You America!

[Stanislav_J]

Other than that, how was the play, Mrs. Lincoln?

The moment after this becomes fairly common.

[Vellmont]

Is the moment websites start going to all HTTPS.

I kind of doubt anyone likes their website to have content in it inserted by an ISP. The big sites like Yahoo, Ebay, Amazon, etc, will just turn on HTTPS for all content. The only reason they haven't done it yet is because there's little reason to do so, and it takes some extra processing time.

Re:The moment after this becomes fairly common.

[SiriusStarr]

I doubt this will stop ISPs for long. They'll likely just man-in-the-middle attack it. This has long been a weakness of public-key encryption and the reason that certificate authorities like Verisign were created to validate keys. The problem lies in the fact that ISPs control your communication with certificate authorities too. Theoretically, they can fool you into thinking whatever they want. How can you verify keys when all of your communications run through a single authority? Perhaps the only weakness ISPs face here (other than the wrath of consumers) is the computational demands of DPI. It will take an awful lot of computing power on their end to truly implement this. One possible way around might be through the use of multiple, distinct internet connections. If you are presented with a different key for google on two different connections, at least one of them must be faked. Of course, you are still left wondering which one, so you'd have to throw out both. I honestly think that the best hope for preventing the Orwellian state of communications that is rapidly approaching is through market pressure. So long as one ISP remains that does not filter, that remains neutral, customers will flock to them. It will be the new selling point of the 21st century, "We only censor your web a little bit!"

Not Just a Bad Idea: IT'S THE LAW

[Doc+Ruby]

Well, it's almost the law, and proably will be soon enough, to require ISPs to spy on your every message, request and download.

The House just passed the "SAFE Act" to force all ISPs to take responsibility for all content they host or transport, even if they don't moderate it, in direct contradiction of the landmark CDA [wikipedia.org] which let ISPs be like telcos always have. Lots of child molesters trap children in telephone conversations, but the telco has no liability. Because holding them responsible requires tapping every conversation, which is what the SAFE Act (not the one with the same name that sanely deregulated crypto export) now does: forces ISPs to monitor and analyze the content of your every Internet communication.

When the Senate passes it, then the president signs it, every ISP will be forced to spy on your every online move (just like the government does - hi, Dick!). Just the threat of enforcement will be enough to get ISPs to do whatever the government wants.

Mirror of the picture

[lobStar]

Mirror of the hi-res picture: http://forum.pigvj.se/uploadfiler/37/rogers-google.jpg OK, i admit putting i there mostly to mess with my friends web hotel account. :)

Re:The market will decide.

[99BottlesOfBeerInMyF]

Some ISP's will filter content. The consumer will either accept it, or use a different ISP. The market ultimately dictates policy in these matters.

Do you really believe the free market is at work in the telecom industry? In most places in the US people have zero, one, or two options for broadband network access and that is unlikely to change anytime soon. As a result, we don't have the many competitors required for the free market, we have a cartel, with most major players having been convicted of undermining the free market at one point or another. New players cannot enter because legal restrictions on the use of the last mile, public right of ways, licensed to only one cable and one phone operator. New players are also disadvantaged because while the government ate the costs of the initial telecoms, subsidizing them to the tune of billions, they won't do the same for anyone else, thus making it a very unfair playing field. Finally, peering agreements are great and all, but the free market cannot act though dozens of intermediaries and if filtering is being done by a network operator that has a peering agreement with someone who has a peering agreement with someone who has a peering agreement with someone you're doing business with, your dislike of the practice will never filter back to them through free market feedback and so nothing will get better.

Before you can expect the invisible hand of the market to act, you have to make sure that market meets the minimum criteria to qualify as a capitalist, free market, and the telecom industry is not even close.

And the law makes it a worse idea

[Banzai042]

Actually if anything it'll have the opposite effect on content monitoring and filtering. The SAFE act doesn't require ISPs to monitor everything on their network and get fined if they don't report somebody. Instead it says *IF* they detect somebody looking at illegal images or something else covered in the act, and they fail to report it, then they can be fined. This means that the more monitoring an ISP does of the traffic, the more likely it is that they'll technically see something that should have been reported, and fail to do so, opening themselves up for legal problems. On the other hand, if they don't monitor and filter traffic then they won't be at risk, since they'll almost never "catch" anybody that needs to be reported under the SAFE act. Granted, the SAFE act is still a horrible idea, but it's not something that will cause ISPs to do more monitoring.

Re:Fuck You America!

[Crispin+Cowan]

I'm sick of an American school system that produces children who are brought up to believe that America IS the world and anything that goes on outside is irrelevant. Children so stupid they think America invented the Internet, computer, motor car, light bulb, telephone etc ad infinitum....

Here's a clue: "America" (people in America) did invent the Internet, a substantial part of the computer, the light bulb, the telephone ... not quite ad infinitum. America did not invent everything, not even a majority of things, but American inventors certainly did invent a huge fraction of things invented since 1776.

If you are going to throw an irrelevant troll rant, at least get your facts straight :-)

All it takes is competetion

[T0wner]

Sooner or later the ISPS will start advertising "We dont restrict your usage, unlike ". The market competition will provide us net neutrality not government intervention

Here you go

[pjt33]

Will we see a trend towards major websites being served entirely over https?

Re:Here you go

No, you will not see this anytime soon. It is far far too 'expensive' (cpu intensive, memory, extra network bandwidth, etc...) for websites to serve everything over https.

See http://apache.slashdot.org/article.pl?sid=99/10/29/2050218 for more info

Re:Here you go

[pjt33]

But is it more expensive to pay for the resources necessary to serve over https or to leave your site vulnerable to ISPs injecting things which might annoy your consumer or remove the ads which provide some of your revenue stream?

Re:This corresponds to what Microsoft wants to do

[pjt33]

What about common carrier status? In countries for which this is relevant ISPs have indemnity for data passing through their systems which they merely transfer. However, if they're modifying a page then do they become liable for the its content as a whole, and thus vulnerable to libel etc. charges?

Re:Sue 'em: we *have* a law

[coats]

Because it is for commercial gain, the act of introducing web advertisements into a third party's web pages is felony copyright infringement..

Whenever you see this happening, do a screen capture and a "save page" to preserve the evidence, and then notify the webmaster of the page whose copyright was infringed, suggesting that this someone is committing this felony infringement of their rights, and that they need to do something about it before the statute of limitations on such action expires.

This is complete bullEXCELLENT

[glindsey]

I've really ENJOYED THE SAFETY I GET with web filtering. This sort of stuff has simply gone too NOT FAR ENOUGH. I'm so ABSOLUTELY CONTENT with Comcast, I'm going to go call them right now and VOLUNTARILY INCREASE THE AMOUNT I AM PAYING THEM, and I suggest that everybody else yell about HOW COMCASTIC THEIR SERVICE IS.

Sincerely,

SATISFIED CUSTOMER

ISps

[Tailsfan]

Pleas don't be my ISP.

ECPA violation?

[anwyn]

Will someone please explain to me why content modification is not a violation of the ECPA (Electronic Communications Privacy Act. Clearly to modify content, you first have to intercept it.

Also as others have suggested, even if the ECPA could be waived by contract, this should violate the copyright holder's copyright. The copyright holder is not a party to any agreement between the user and ISP.

Re:Google

[CSMatt]

If the "free market" is working the way it's advertised, someone will come along set up an ISP that does NOT filter content or inject their own ads or throttle p2p or whatever, and customers will fly away from the restrictive ISPs and sign up with the "open" provider. It remains to be seen if this actually happens. It's my theory that the "free market" is just some bogus concept taught in econ schools to support the corporate plutocracy, so if I'm correct, there won't be a sudden insurgence of competitors in the ISP space. The market only fails here because the ISPs (exluding dial-up and satellite providers which will probably never provide a decent alternative) have a local monopoly over their respective area. The FCC's decision to end exclusive cable contracts with apartments helps a little, but ultimately it does nothing for everyone who does not live in an apartment or for cities where there is no competitor at all. I also wouldn't be surprised if the ISPs have their own secret cartel, since for the above reasons there is no need for them to compete with each other.

It does and it doesn't

[davidwr]

Many sites on the same IP can share the same certificate.

This opens up a new marketing tool for low-cost virtual hosting providers:

"Do you want people to see your site as you intended? Use https: and automatically get our ACME SSL certificate."

Put verbage on the web site and the certificate to confirm to end-users it's legit so they don't panic.

https - ssl

[Nom+du+Keyboard]

How about if connections are just switched over to https / ssl encryption technologies. Can you prepend to an encrypted page? How long before there's a FF plug-in to strip any non-encrypted element from a page? That kind of idea could stop this nonsense pretty quick.

Also, does their extra crap count towards your bandwidth caps?